escapeHTML

Replaces characters that may be confused by an HTML
parser with their equivalent character entity references.

Any data that will appear as text on a web page should
be escaped. This is especially important for data
that comes from untrusted sources such as Internet users.
A common mistake in CGI programming is to ask a user for
data and then put that data on a web page. For example:

Server: What is your name?
User: <b>Joe</b>
Server: Hello Joe, Welcome

If the name is put on the page without checking that it doesn't
contain HTML code, or without sanitizing that HTML code, the user
could reformat the page, insert scripts, and control the
content of the page as every other visitor sees it.

This method replaces HTML special characters such as > with their
HTML entity references (&gt;) so that the HTML parser is certain to
interpret them as plain text rather than as markup or script.

This method should be used both for data to be displayed as text
in the HTML document and for data put in form element attributes. For example:

<html><body>This is not a &lt;tag&gt; in HTML</body></html>

and

<form><input type="hidden" name="date" value="This data could be &quot;malicious&quot;"></form>

In the second example, the browser decodes the entities when it parses the
attribute, and the form data is then properly resubmitted to your CGI script
in URL-encoded form as:

This+data+could+be+%22malicious%22

escapeSQL

Replaces characters that may be confused by an SQL
parser with their equivalent escape characters.

Any data that will be put in an SQL query should
be escaped. This is especially important for data
that comes from untrusted sources such as Internet users.

For example, if you had the following SQL query:

"SELECT * FROM addresses WHERE name='" + name + "' AND private='N'"

then without this function a user could give

' OR 1=1 OR ''='

as their name, causing the query to become:

"SELECT * FROM addresses WHERE name='' OR 1=1 OR ''='' AND private='N'"

which will return all addresses, including private ones: AND binds more
tightly than OR, and 1=1 is always true. Correct usage would be:

"SELECT * FROM addresses WHERE name='" + StringHelper.escapeSQL(name) + "' AND private='N'"

The preferred way to avoid this problem is to use a PreparedStatement
with appropriate placeholders. Escaping only protects a value that sits
inside a quoted string literal, and the escape rules differ between
databases; a bound parameter is never parsed as SQL at all.
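The injection above, run against a real (in-memory SQLite) database, as an added Python example rather than code from the library. It shows the concatenated query returning every row for the hostile name, the same query with the value escaped, and the PreparedStatement equivalent (a bound ? placeholder). escape_sql_literal is a stand-in for escapeSQL that doubles single quotes, the standard SQL rule; it is not the library's implementation. The table contents are constructed.

```python
import sqlite3

# Constructed sample table: two public addresses and one private one.
ROWS = [("alice", "N"), ("bob", "N"), ("carol", "Y")]

# The payload from the text above, exactly as the user would type it.
HOSTILE_NAME = "' OR 1=1 OR ''='"


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE addresses (name TEXT, private TEXT)")
    conn.executemany("INSERT INTO addresses VALUES (?, ?)", ROWS)
    return conn


def lookup_concatenated(conn: sqlite3.Connection, name: str) -> list:
    """The vulnerable query from the text: the name becomes part of the SQL."""
    sql = "SELECT name FROM addresses WHERE name='" + name + "' AND private='N'"
    return [row[0] for row in conn.execute(sql)]


def escape_sql_literal(s: str) -> str:
    """Stand-in for StringHelper.escapeSQL using the standard SQL rule of
    doubling single quotes. Real escape rules are database-specific (MySQL,
    for one, also treats backslash specially), which is one reason bound
    parameters are the safer choice."""
    return s.replace("'", "''")


def lookup_escaped(conn: sqlite3.Connection, name: str) -> list:
    """Concatenation again, but with the value escaped first."""
    sql = ("SELECT name FROM addresses WHERE name='" + escape_sql_literal(name)
           + "' AND private='N'")
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """The PreparedStatement equivalent: ? is a placeholder and the value is
    bound separately, so it is never parsed as SQL whatever it contains."""
    sql = "SELECT name FROM addresses WHERE name=? AND private='N'"
    return [row[0] for row in conn.execute(sql, (name,))]


def run_lookups(name: str) -> dict:
    """Run all three strategies against a fresh database for one input."""
    conn = make_db()
    try:
        return {
            "concatenated": lookup_concatenated(conn, name),
            "escaped": lookup_escaped(conn, name),
            "parameterized": lookup_parameterized(conn, name),
        }
    finally:
        conn.close()
```

For the hostile name, only the concatenated variant leaks the private row; the escaped and parameterized variants both look for a literal name that does not exist and return nothing.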

escapeJavaLiteral

Replaces characters that are not allowed in a Java-style
string literal with their escape sequences. Specifically,
double quote ("), single quote ('), newline (\n), carriage return (\r),
backslash (\), and tab (\t) are escaped.

containsAny

This implementation is more efficient than the brute force approach
of testing the string against each of the terms. It instead compiles
a single regular expression that can test all the terms at once, and
uses that expression against the string.

This is a convenience method. If multiple strings are tested against
the same set of terms, it is more efficient not to compile the regular
expression multiple times.

equalsAny

This implementation is more efficient than the brute force approach
of testing the string against each of the terms. It instead compiles
a single regular expression that can test all the terms at once, and
uses that expression against the string.

This is a convenience method. If multiple strings are tested against
the same set of terms, it is more efficient not to compile the regular
expression multiple times.

startsWithAny

This implementation is more efficient than the brute force approach
of testing the string against each of the terms. It instead compiles
a single regular expression that can test all the terms at once, and
uses that expression against the string.

This is a convenience method. If multiple strings are tested against
the same set of terms, it is more efficient not to compile the regular
expression multiple times.

endsWithAny

This implementation is more efficient than the brute force approach
of testing the string against each of the terms. It instead compiles
a single regular expression that can test all the terms at once, and
uses that expression against the string.

This is a convenience method. If multiple strings are tested against
the same set of terms, it is more efficient not to compile the regular
expression multiple times.

containsAnyIgnoreCase

This implementation is more efficient than the brute force approach
of testing the string against each of the terms. It instead compiles
a single regular expression that can test all the terms at once, and
uses that expression against the string.

This is a convenience method. If multiple strings are tested against
the same set of terms, it is more efficient not to compile the regular
expression multiple times.

equalsAnyIgnoreCase

This implementation is more efficient than the brute force approach
of testing the string against each of the terms. It instead compiles
a single regular expression that can test all the terms at once, and
uses that expression against the string.

This is a convenience method. If multiple strings are tested against
the same set of terms, it is more efficient not to compile the regular
expression multiple times.

startsWithAnyIgnoreCase

This implementation is more efficient than the brute force approach
of testing the string against each of the terms. It instead compiles
a single regular expression that can test all the terms at once, and
uses that expression against the string.

This is a convenience method. If multiple strings are tested against
the same set of terms, it is more efficient not to compile the regular
expression multiple times.

endsWithAnyIgnoreCase

This implementation is more efficient than the brute force approach
of testing the string against each of the terms. It instead compiles
a single regular expression that can test all the terms at once, and
uses that expression against the string.

This is a convenience method. If multiple strings are tested against
the same set of terms, it is more efficient not to compile the regular
expression multiple times.
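One way to build the single alternation regex that the containsAny, equalsAny, startsWithAny and endsWithAny methods (and their IgnoreCase variants) describe, as an added Python example rather than the library's code. The point it adds to the text: every term must be regex-quoted (re.escape here, Pattern.quote in Java) or a term such as "a.b" silently becomes a wildcard and a term such as "c++" is a syntax error; and compiling once and reusing the matcher is what avoids the repeated compilation the text warns about. The term list is constructed.

```python
import re
from typing import Callable, Iterable

# Constructed sample terms; "c++" and "a.b" contain regex metacharacters.
TERMS = ["Alpha", "c++", "a.b"]


def any_matcher(terms: Iterable[str], mode: str = "contains",
                ignore_case: bool = False) -> Callable[[str], bool]:
    """Compile ONE alternation regex for all terms and return a reusable test.

    mode is "contains", "equals", "startswith" or "endswith", mirroring the
    *Any family above. re.escape quotes each term so that metacharacters in
    the terms are matched literally rather than interpreted as regex syntax.
    """
    alternation = "|".join(re.escape(t) for t in terms)
    if not alternation:
        return lambda s: False   # no terms: nothing can match
    body = "(?:" + alternation + ")"
    if mode == "contains":
        pattern = body
    elif mode == "equals":
        pattern = r"\A" + body + r"\Z"      # whole string only
    elif mode == "startswith":
        pattern = r"\A" + body
    elif mode == "endswith":
        pattern = body + r"\Z"
    else:
        raise ValueError("unknown mode: " + mode)
    regex = re.compile(pattern, re.IGNORECASE if ignore_case else 0)
    # The compiled regex is captured once; calling the returned function
    # many times never recompiles it.
    return lambda s: regex.search(s) is not None


def contains_any(s: str, terms: Iterable[str], ignore_case: bool = False) -> bool:
    """Convenience form, compiling on every call like the methods above.
    Use any_matcher directly when testing many strings against one term set."""
    return any_matcher(terms, "contains", ignore_case)(s)
```

The "equals" mode anchors with \A and \Z, which in Python mean the absolute start and end of the string (the equivalents of Java's \A and \z); a trailing newline would otherwise slip through a $ anchor.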

parseInt

Liberal parse method for integer values. If the input string is a representation of
an integer, that value will be returned. Otherwise the default value is returned.
Surrounding white space is NOT significant.

If the number starts with a base prefix ("0x" for hex, "0b" for binary, "0c" for
octal), it will be parsed with that radix. Otherwise, the number will be parsed in
base 10 radix.

This method does NOT throw number format exceptions.

Parameters:

s - String containing an integer value to be parsed

Returns:

parsed integer value or the default value

Since:

ostermillerutils 1.07.01

parseInt

Liberal parse method for integer values. If the input string is a representation of
an integer, that value will be returned. Otherwise the default value is returned.
Surrounding white space is NOT significant.

This method does NOT throw number format exceptions.

Parameters:

s - String containing an integer value to be parsed

radix - number base used during parsing

Returns:

parsed integer value or the default value

Since:

ostermillerutils 1.07.01
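The behaviour described for both parseInt overloads above (surrounding white space ignored, base prefix selecting the radix when no radix is given, a default value instead of an exception on any bad input), as an added Python example. This is not the library's code; the "0c" octal prefix follows the text, and rejecting values outside the 32-bit Java int range is an assumption made here so that the function returns the default wherever Integer.parseInt would have thrown.

```python
from typing import Optional

# Base prefixes named in the text above. "0c" for octal is this library's
# convention, not the Java or C one.
_PREFIXES = {"0x": 16, "0b": 2, "0c": 8}
_DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz"


def parse_int(s: Optional[str], default: int = 0,
              radix: Optional[int] = None) -> int:
    """Liberal integer parse in the spirit of StringHelper.parseInt.

    Returns default instead of raising on None, blank, malformed or
    out-of-range input. With radix=None a base prefix selects the radix and
    plain digits are base 10; with an explicit radix no prefix is honoured.
    """
    if s is None:
        return default
    text = s.strip()
    sign = 1
    if text and text[0] in "+-":
        if text[0] == "-":
            sign = -1
        text = text[1:]
    base = radix
    if base is None:
        base = 10
        prefix = text[:2].lower()
        if prefix in _PREFIXES:
            base = _PREFIXES[prefix]
            text = text[2:]
    if not 2 <= base <= 36:
        raise ValueError("radix out of range: %d" % base)   # caller bug
    if not text:
        return default
    # Check every character ourselves: Python's int() would otherwise accept
    # things like "1_000" or a second "0x" prefix that we want to reject.
    valid = _DIGITS[:base]
    if not all(c in valid for c in text.lower()):
        return default
    value = sign * int(text, base)
    # Assumption: mirror Java's 32-bit int range, returning default where
    # Integer.parseInt would throw NumberFormatException.
    if not -2**31 <= value <= 2**31 - 1:
        return default
    return value
```

Because the function never raises for bad data, the caller must pick a default that cannot be mistaken for a legitimate value (for example -1 for a count), otherwise malformed input silently turns into a valid-looking number.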

parseBoolean

Liberal parse method for boolean values. If the input string is a word that matches
a boolean value, that boolean value will be returned. Otherwise null is returned.
Comparison is case insensitive. Surrounding white space is NOT significant.

true includes: true, t, yes, y, 1, ok

false includes: false, f, no, n, 0, nope

Parameters:

s - String containing a boolean value to be parsed.

Returns:

true, false, or null

Since:

ostermillerutils 1.07.01

parseBoolean

Liberal parse method for boolean values. If the input string is a word that matches
a boolean value, that boolean value will be returned. Otherwise the default value is
returned. Comparison is case insensitive. Surrounding white space is NOT significant.

true includes: true, t, yes, y, 1, ok

false includes: false, f, no, n, 0, nope

Parameters:

s - String containing a boolean value to be parsed.

defaultValue - returned when the input string does not have a boolean value